Internet, E Mail and
Electronic Communication Policy
This policy is twenty-three (23) page in length, is compliant with all recent legislation (SOX, HIPAA, Patriot Act, and Sensitive information), and covers:
- Appropriate use of equipment
- Internet access
- Electronic Mail
- Retention of e-mail on personal systems
- E-mail and business records retention
- Copyrighted materials
- Banned activities
- Ownership of information
Included with the policy are forms that can be used to facilitate the implementation of the policy. Included are these ready to use forms:
- Internet & Electronic Communication Employee Acknowledgement (short form)
- E-Mail - Employee Acknowledgement (short form)
- Internet Use Approval Form
- Internet Access Request Form
- Security Access Application Form
The WORD template uses the latest CSS style sheet and can easily be modified to conform to the style used in your enterprise policy manual.
Latest Policy News
Hackers are attacking mobile devicesApril 2nd, 2014
Primarily because mobile device applications have the potential to interact with confidential or sensitive information, many organizations see this area as a primary technology challenge to address and a main focus for security initiatives. Hackers have taken notice to this fact and have started targeting these mobile applications - which can ultimately lead to decreased trust in an application or an organization that uses it.
- Mobility Policy Bundle (more info...) All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable
- BYOD Policy Template (more info...) Includes electronic BYOD Access and Use Agreement Form
- Mobile Device Access and Use Policy (more info...)
- Record Management, Retention, and Destruction Policy (more info...)
- Social Networking Policy (more info...) Includes electronic form
- Telecommuting Policy (more info...) Includes 3 electronic forms to help to effectively manage work at home staff
- Travel and Off-Site Meeting Policy (more info...)
Workers apathy towards lost mobile devices is a major security riskMarch 10th, 2014
In a survey of U.S. workers in industries such as banking, retail, healthcare and energy there appears to be a general feeling of apathy toward mobile security.
Even if employees leak or lose corporate data, 25 percent of respondents say it's not their problem. Of those who actually lost a phone, 34 percent were not punished, 30 percent had to replace the device and 21 percent simply had a "talkin' to." Given such lackadaisical responses, it's no surprise that one-third of respondents who had lost their phones did not change their security habits afterwards.
Part of the problem is that employees don't really know what's at stake nor do they bother to understand the security portion of the user policy. In the survey, 59 percent estimated the value of the corporate data on their phones to be less than $500.
One out of four workers doesn't know company procedure for dealing with work device loss or theft, according to the survey. It's a communication problem that's not solely the worker's fault.
Additionally, CIOs say lots of employees will keep looking for a lost phone for weeks and not report it (although the policy says they should) out of fear it'll get wiped and they'll lose personal data. That's also perhaps a problem with the policy in relation to human behavior.
CIO IT Infrastructure Policy Bundle (All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable)
- Backup and Backup Retention Policy
- Blog and Personal Web Site Policy (Includes electronic Blog Compliance Agreement Form)
- BYOD Policy Template (Includes electronic BYOD Access and Use Agreement Form)
- Google Glass Policy (Includes Google Glass Access and Use Agreement Form)
- Incident Communication Plan Policy (Updated to include social networks as a communication path)
- Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy (Includes 5 electronic forms to aid in the quick deployment of this policy)
- Mobile Device Access and Use Policy
- Patch Management Policy
- Outsourcing Policy
- Physical and Virtual Server Security Policy
- Record Management, Retention, and Destruction Policy
- Sensitive Information Policy (HIPAA Compliant and includes electronic Sensitive Information Policy Compliance Agreement Form)
- Service Level Agreement (SLA) Policy Template with Metrics
- Social Networking Policy (includes electronic form)
- Telecommuting Policy (includes 3 electronic forms to help to effectively manage work at home staff)
- Text Messaging Sensitive and Confidential Information (includes electronic form)
- Travel and Off-Site Meeting Policy
- IT Infrastructure Electronic Forms
Disaster Recovery DigestFebruary 20th, 2014
Disaster Recovery Digest
- Google data center security & disaster recovery This is a great video on physical security as well as the the software security. This is a great primer which all CIOs and Data...
- 10 best practices for cloud disaster recovery Cloud Disaster Recovery 10 Best Practices Creating out a complete cloud disaster recovery infrastructure can be cost prohibitive for many organizations. Ten best practices are:...
- Will your disaster recovery provider be in business when you need them? Disaster Recovery plans that depend on outsourcers face significant additional risk What if your were in Florida and the Hurricane season was in full swing...
- Options for a data center disaster recovery strategy Data Center disaster recovery strategy options A critical component of a disaster recovery business continuity is the data center disaster recovery strategy Hot...
- Infrastructure Key to Data Center Management and Disaster Recovery Infrastructure is key to data center management Data Center Management Issues Your data centers are stuck in a rut. While 90 per cent have...
Physical and digital security are the focus of CSOsFebruary 12th, 2014
The migration of physical security technology to a network platform has made it easier and more convenient for the CSO and their organizations to integrate the various modalities of physical security into a unified configuration to better safeguard their employees, visitors, premises and material/intellectual property.
Open architecture further enables central control of the various security systems on a single platform, providing higher levels of operational efficiency across the enterprise as well as improved standardization of policies and procedures.more info
IT Trends that will impact business continuityJanuary 9th, 2014
Six trends in IT will effect Disaster Recovery and Business Continuity.
- Security - Thanks to the NSA and GCHQ, (coupled with ongoing allegations against the Chinese), security, corporate privacy and encryption have moved swiftly up the corporate agenda. Identity management, which has often been seen as a nice to have, will become even more of a must have.
- Mobility and convergence - The rapid growth of mobility and the increase in numbers of mobile devices will carry on during 2014. This increase will go hand in hand with further growth in convergence, with all the associated threats and benefits.
- IPv6 - IPV6 will make an increasing impact in enterprise organizations, as infrastructure upgrades create greater corporate IPV6 awareness and increased connectivity to IPV6 customers and suppliers. IPV6 has a number of key mobility and roaming attributes, including the home address concept, which will raise some interesting challenges
- Big data - The rise in data volumes has changed the computing environment for many organizations, with challenges created in managing and reporting on the increasing amount of data, as well as dealing with the growing risk of data loss. 2014 will see data volumes continuing to grow, with a rise in sales of solutions which protect and manage these large amounts of data.
- Visibility reporting and remediation systems - With multiple threats, organizations have deployed multiple security solutions and lost sight of whats actually happening on the threat front. Consolidation to single suppliers will continue, but alongside that, deployment of reporting across multiple vendors will grow strongly.
- Cloud services - Growth in cloud systems and SaaS will continue, particularly for utility services and amongst early adopters. The two key challenges to growth include privacy concerns and security. Solutions that address these issues are beginning to increase at a faster rate than the market.
40 million credit and debit accounts breachedDecember 19th, 2013
Target says that about 40 million credit and debit card accounts may have been affected by a data breach that occurred just as the holiday shopping season shifted into high gear.
The chain said that accounts of customers who made purchases by swiping their cards at terminals in its U.S. stores between Nov. 27 and Dec. 15 may have been exposed. The stolen data includes customer names, credit and debit card numbers, card expiration dates and the three-digit security codes located on the backs of cards. The data breach did not affect online purchases.
The breach affected all cards, including Target store brand cards and major card brands such as Visa and MasterCard.
The Minneapolis company said it immediately told authorities and financial institutions once it became aware of the breach and that it is teaming with a third-party forensics firm to investigate and prevent future breaches. It said it is putting all "appropriate resources" toward the issue.
Target Corp. advised customers to check their statements carefully.more info
Global compliance issuesDecember 4th, 2013
The global regulation that has emerged since the financial crisis is the most rapidly evolving in nearly a century. This environment presents new challenges for compliance professionals as they navigate new regulations, implement new reporting processes within their organization, seek to create operational efficiencies and maintain an effective compliance program.
Chief Compliance Officers (CCO) and other industry professionals need to understand the regulatory reporting challenges faced by all types of enterprises, find lessons learned from others, as well as common practices that firms can leverage. Understanding these new regulations and their reporting requirements, as well as the complex data environment, are critical aspects of operating a strategic compliance program. Janco common practices for compliance excellence and share methods for new reporting implementation. Attendees will hear what challenges firms are facing, what technology and operational strategies they are using to adequately address emerging risks and how theyre ensuring adequate policies and procedures are in place.more info
IT spending slowsNovember 5th, 2013
For the last 2 quarters Janco Associates (www.e-janco.com) has been saying that spending for IT in the U.S. is slowing. Now, it is reported in Computerworld that another research firm is saying the same thing. That research firm now projects that tech spending will increase by 3.9% this year; that's well below its earlier prediction of 5.7%.
The federal budget sequester, the government shutdown and the threat of default have had negative impacts on the economy and direct negative impacts on federal tech buying, as well as indirect impacts on CIOs who simply became cautious.
For instance, CIOs who might have bought servers to meet new demand for computing power are instead moving peak loads and special projects to infrastructure-as-a-service providers.
The White House estimates that the 16-day government shutdown reduced the growth rate of GDP in this quarter by 0.2% to 0.6%.
Next year, that firm projects that U.S. business and government purchases of IT goods and services will rise by 5.3%, thanks to a revived housing market, modest improvement in employment and consumer spending, and improved exports. In contrast Janco Associates feels that spending will be less until after the election next year.- more info
Persons with disabilities at higher risk during a disasterOctober 13th, 2013
UN survey shows needs of persons with disabilities largely ignored during disasters
A high proportion of persons with disabilities die or suffer injuries during disasters because they are rarely consulted about their needs and Governments lack adequate measures to address them, according to a United Nations survey released ahead of the International Day for Disaster Reduction.
The online survey, produced by the UN Office for Disaster Risk Reduction (UNISDR) and partners, consulted nearly 6,000 persons with disabilities in 126 countries on how they cope and prepare for disasters.
The results show that people living with disabilities across the world are rarely consulted about their needs in times of disasters. In cases where they need to evacuate such as during floods or earthquakes, only 20 percent of respondents said they could evacuate immediately without difficulty, 6 percent said they would not be able to evacuate at all and the remainder said they would be able to evacuate with a degree of difficulty.more info
CIO ToolkitsSeptember 12th, 2013
Tool Kits -- CIO CTO Tools
IT-ToolKits.com is the resource site for Information Technology management. This site contains the Information Technology and management infrastructure tools that the CIO, CSO, and CFO can use for Sarbanes Oxley, Disaster Recovery, Security, Job Descriptions, IT Service Management, Change Control, Help Desk, Service Requests, SLAs - Service Level Agreements, and Metrics. Site includes Browser and Operating System Market Share White Paper and IT Salary Survey Data.
Disaster Recovery Templates are Sarbanes Oxley compliant and the Disaster Recovery Template is included in the Sarbanes Oxley Compliance Kit
IT-Toolkits.com supports a wide range of industries and enterprises of all sizes. Our clients include over 2,500 premier corporations from around the world, including over 250 of the Fortune 500.- more info